(54) AUTHENTICATION METHOD
(57)Abstract: 

PURPOSE: To shorten the time required for the 
authentication processing of a specific service request 
by storing a 2nd signal as a new authentication answer 
signal. 

CONSTITUTION: At the specific service request a node 
2 stores an authentication key of a node 1 and a 
recognition answer signal, sent back from a node 1 at 
the time of the process of a last service request and 
the node 1 puts a signal, generated by ciphering the 
recognition answer signal generated in the process of 
the last service request with the authentication key, in a 
service request signal and sends them. The node 2
receives and deciphers the signal with the authentication
key, performs certifying operation by collating the
deciphering result with the stored authentication answer
signal, and updates the authentication signal with the
signal received from the node 1. Thus, the node 1 stores
the authentication answer used for the last
communication process and the node 2 stores the
authentication answer and the authentication key of the node 1, so a request for the
authentication key to the storage device of the node 2 and an authentication request procedure
to the node 1 can be omitted.
* NOTICES *

JPO and NCI PI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original
precisely.

2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.
[Claim(s)] 

[Claim 1] The communication device which has an authentication key, and the communication 
link processor which is connected by the communication device and communication line and 
performs communications processing, It is constituted by the storage which memorizes the 
authentication key for attesting said communication device, and gives an authentication key to 
said communication link processor according to the demand from said communication link 
processor. Two processing modes are included in said communications processing. In the first 
processing mode The process which requires the authentication key of the communication device 
of said storage, and receives and memorizes it when said communication link processor receives 
the first communication link demand which directs that it is the first processing mode from said 
communication device, The process which generates a random number, and the process which 
transmits the random number to said communication device, The process which receives and 
memorizes the authentication reply signal generated by enciphering the random number using an 
authentication key with said communication device, The process which decodes that 
authentication reply signal, and the process which starts a communication link between said 
communication devices when this decoded signal and said random number are in agreement are 
included. Said communication device includes the process which memorizes said authentication 
reply signal. Moreover, in the second processing mode That said communication link processor 
is the second processing mode The process which decodes the signal using the authentication key 
memorized at the time of said first processing mode when the second communication link 
demand signal including the second signal which enciphered the authentication reply signal 
which the signal to direct and said communication device have memorized using the 
authentication key is received from said communication device, The process which starts a 
communication link between said communication devices when the authentication reply signal 
remembered to be the decode result is collated and it is in agreement, Said communication 
device is the authentication approach characterized by including the process which memorizes 
said second signal as a new authentication reply signal, including the process which memorizes 
said second signal as a new authentication reply signal. 

[Claim 2] The communication device which has an authentication key, and the communication 
link processor which is connected by the communication device and communication line and 
performs communications processing, It is constituted by the storage which memorizes the 
authentication key for attesting said communication device, and gives an authentication key to 
said communication link processor according to the demand from said communication link 
processor. Two processing modes are included in said communications processing. In the first 
processing mode The process which requires the authentication key of the communication device
of said storage, and receives and memorizes it when said communication link processor receives 
the first communication link demand which directs that it is the first processing mode from said 
communication device, The process which generates a random number, and the process which 
transmits the random number to said communication device, The process which receives and 
memorizes the authentication reply signal generated by enciphering the random number using an 
authentication key with said communication device, The process which starts a communication 
link between said communication devices when the process which enciphers said random 
number, the signal which enciphered this random number, and said authentication reply signal 
are in agreement is included. Said communication device includes the process which memorizes 
said authentication reply signal. Moreover, in the second processing mode The process which 
receives the second communication link demand signal including the second signal which 
enciphered the authentication reply signal with which the signal to direct and said 
communication device have memorized that said communication link processor is the second 
processing mode using the authentication key from said communication device, The process 
which enciphers the memorized authentication reply signal using said authentication key, The 
process which starts a communication link between said communication devices when this 
enciphered signal and said second signal are collated and it is in agreement, Said communication 
device is the authentication approach characterized by including the process which memorizes 
said second signal as a new authentication reply signal, including the process which memorizes 
said second signal as a new authentication reply signal. 

[Claim 3] The authentication approach according to claim 1 or 2 characterized by for said 
communication device being a portable telephone, for said communication link processor being 
the exchange, for the first communication link demand being call origination, and the second 
demand being a channel change during a communication link. 

[Detailed Description of the Invention] 
[0001] 

[Industrial Application] This invention relates to the approach the communication link processor 
represented by the exchange attests the communication device represented by the subscriber 
terminal connected to it in the case of a communication link demand. 
[0002] 

[Description of the Prior Art] The conventional authentication approach is shown in drawing 2 . 
10 is a communication device, for example, a subscriber terminal like telephone, or a land 
mobile radiotelephone machine and a portable telephone corresponds. All over drawing, it was 
indicated as the node 1. 20 is a communication link processor, for example, the exchange, a 
control unit, etc. correspond. All over drawing, it was indicated as the node 2. 30 is a memory 
station which memorizes the information about the communication device 10 represented by the 
authentication key of a communication device 10. All over drawing, it was indicated as DB. 
[0003] A node 1 first transmits a service request signal. This is equivalent to transmitting a call
origination signal when, for example, a portable machine originates a call. The node 2 which
received this signal requests from DB30 the authentication key for attesting the node 1, i.e., the
same authentication key which the node 1 has memorized in secrecy. When the authentication key
is received from DB30, the node 2 generates a random number and transmits it to the node 1. The
node 1 which received the random number enciphers the random number using the authentication
key, and returns the enciphered signal to the node 2 as an authentication response. The node 2
which received it decodes that signal using the authentication key, and collates this decoded
signal with the random number transmitted to the node 1. If they are in agreement as a result of
collating, the node 1 is judged to be a legitimate subscriber, and a communication link is started.
Next, when there is a 2nd service request, such as a channel change, during this communication
link, authentication of the node 1 is performed by exactly the same procedure.

[0004] Drawing 3 shows functional blocks expressing the contents of processing of the node 1 and
the node 2 in this case. (b) is a drawing showing the function of a node 1, which enciphers the
random number received from the node 2 using its own authentication key. (**) is a drawing
showing the function of a node 2, which decodes the encryption signal received from the node 1
using the authentication key of the node 1 (acquired separately from storage), and collates the
decode result with the separately generated random number.
[0005] 

[Problem(s) to be Solved by the Invention] In the above-mentioned prior art, for every service
request, whenever the service request occurred the node 2 needed to perform acquisition of an
authentication key, generating of a random number, the authentication demand to the node 1,
decode of the encryption signal from the node 1, and collating of it with the random number.
Authentication processing therefore took time, and there was the fault that the delay
accompanying communication link initiation, i.e., a line connection, became large.
[0006] This invention aims at offering the authentication approach which can shorten the time 
amount which authentication processing takes about a specific service request. 
[0007] 

[Means for Solving the Problem] In the authentication approach of this invention, for a specific
service request, the node 2 memorizes beforehand the authentication key of the node 1 and the
authentication reply signal returned from the node 1 on the occasion of processing of the last
service request. The node 1 includes in a service request signal the signal made by further
enciphering, with the authentication key, the authentication reply signal generated on the
occasion of processing of the last service request, and transmits it. The approach is
characterized in that the node 2 receives it, decodes it with the authentication key, attests by
collating the decode result with the authentication reply signal under storage, and further
updates the authentication reply signal with the signal received from the node 1.
[0008] 

[Function] Since the node 1 memorizes the authentication response used for the last
communications processing, and the node 2 memorizes that authentication response and the
authentication key of the node 1, the demand for the authentication key to storage by the node 2
and the authentication demand procedure to the node 1 can be skipped, so this invention enables
authentication processing to be performed in a short time.
[0009] 

[Example] Drawing 1 explains the authentication approach of this invention. Signs 10-30 are the 
same as that of it of drawing 2 . There are two communication link processing modes in this 
invention. One is the mode in which processing to a service 1 demand signal is performed, and 
another is the mode in which processing to a service 2 demand signal or a service 3 demand 
signal is performed. 

[0010] Beginning with the first communication link processing mode, a node 1 first transmits a
service request signal. This is equivalent to transmitting a call origination signal when, for
example, a portable machine originates a call. The node 2 which received this signal requests
from DB30 the authentication key for attesting the node 1, i.e., the same authentication key
which the node 1 has memorized in secrecy. When the authentication key is received from DB30,
the node 2 memorizes it, generates a random number, and transmits the random number to the
node 1. The process which generates this random number need not be at this point, as long as it
is after receiving the service 1 demand signal. The node 1 which received the random number
enciphers the random number using the authentication key, memorizes the enciphered signal as an
authentication response, and returns it to the node 2. The node 2 which received it decodes that
signal using the authentication key, and collates this decoded signal with the random number
transmitted to the node 1. If they are in agreement as a result of collating, the node 1 is judged
to be a legitimate subscriber, and a communication link is started. This is the authentication
procedure in the first communication link processing mode.
[0011] Next, the second communication link processing mode is explained. This corresponds to
processing when there is a 2nd service request, such as a channel change, in the middle of the
communication link connected by the first communication link processing mode. A node 1
transmits a service 2 demand signal. This signal includes an indication signal directing that it
is the second communication link processing mode, and a new authentication reply signal made by
enciphering, with its own authentication key, the authentication reply signal memorized at the
time of the first communication link processing mode. Moreover, the already-stored
authentication reply signal is updated with the new authentication reply signal. If a node 2
receives a service 2 demand signal and recognizes that it is the service request of the second
communication link processing mode, it updates the authentication reply signal under storage
with it, decodes this new authentication reply signal using the already-stored authentication
key of the node 1, collates the decode result with the already-stored authentication reply signal
(what was memorized at the time of the first communication link processing mode), and starts a
communication link if they are in agreement.

[0012] Moreover, when a node 1 next transmits a service 3 demand signal, it enciphers the
authentication reply signal with the authentication key of the node 1 to generate a new
authentication reply signal again, the authentication reply signals of the node 1 and the node 2
are updated with it, and authentication is performed by the same processing as in the case of
the service 2 demand. Drawing 4 shows the authentication functional diagrams of the node 1 and
the node 2 required in order to perform this invention. (b) is the authentication functional
diagram of a node 1. At the time of the first communication link processing mode, a switch 2 is
made into ** by making a switch 1 into **. Then, the inputted random number is enciphered with
its own authentication key, and the result is output and also held in a store circuit 40. This
becomes an authentication reply signal. Moreover, at the time of the second communication link
processing mode, a switch 1 is made as ** and a switch 2 is made into **. In this case, the
authentication reply signal currently held in the storage section 40 is enciphered with the
authentication key and output as a new authentication reply signal, and the storage section 40
is updated.
[0013] (b) is the authentication functional diagram of a node 2. A switch 3 and a switch 4 
reverse-interlock like illustration. For each of 41 and 42, although it is the storage section which 
memorizes an authentication reply signal, the contents of storage are 1 cycle gap ****** 
mutually. In the first communication link processing mode, a switch 5 is made into **, a switch 3 
is connected to the storage section 41, and a switch 4 is connected to the storage section 42. Of 
course, reverse is sufficient as the connection between switches 3 and 4 and the storage sections 
41 and 42. Then, after the authentication reply signal (it is displayed as the result of an operation 
by a diagram) received from the node 1 is decoded with an authentication key, it attests by
collating it and the random number transmitted to the node 1. Moreover, in the second 
communication link processing mode, **, a switch 3, and a switch 4 are made into ** for a 
switch 5. If both switches are connected like illustration at this time, it attests by decoding it with 
an authentication key, while holding the result of an operation of the received service request 
signals, i.e., a new authentication reply signal, in the storage section 41, and collating with the 
authentication reply signal in front of 1 cycle currently held in the storage section 42. At the time 
of the following service request, if a switch 3 and a switch 4 are connected conversely, it will 
attest by decoding it with an authentication key, while holding the result of an operation of the 
received service request signals, i.e., a new authentication reply signal, in the storage section 42, 
and collating with the authentication reply signal in front of 1 cycle currently held in the storage 
section 41. 

[0014] Drawing 5 is an authentication procedure at the time of applying this invention to a 
channel change during the communication link in mobile communication. 10 corresponds to a 
node 1 at a migration terminal. By the exchange, 20 corresponds to a node 2. 30 is storage and a 
base station (it is called the old base station) while a migration terminal is communicating [ 51 ], 
and 52 is the base station (it is called a new base station) of a change place. Here, call origination 
processing corresponds to the first communication link processing mode, and a channel change 
corresponds to the second communication link processing mode during a communication link. A 
terminal 10 transmits a call origination signal first. This is equivalent to a service 1 demand 
signal from a node 1 . It attests in the same procedure as the first communication link processing 
mode of drawing 1 , and a communication link is started henceforth. When it is made other 
wireless zones after that with the migration in the end of the back end, a channel change is 
performed in order to continue a communication link. In case a terminal 10 detects zone shift at 
this time and a channel change is performed, the authentication reply signal memorized first is 
enciphered further, a new authentication reply signal is made, and the channel change demand 
signal containing it is transmitted to the base station 52 of a shift place. A base station 52 
transmits it to the exchange 20. The exchange 20 will transmit a channel change reception signal 
to a terminal 10 by base station 52 course, if authentication is completed. A terminal 10 
recognizes that authentication was completed by this, and updates the authentication reply signal 
under storage. 

[0015] In addition, although the case where the authentication key of a node 1 and an 
authentication response are held by the node 2 so far has been explained, it is also possible to 
give these as usual to storage 30 and to omit only the authentication actuation between a node 1 
and a node 2. The procedure in that case is shown in drawing 6 . Although the configuration of a 
service 2 demand signal is the same as that of the case where it is shown in drawing 1 , it differs 
in that a node 2 accesses storage 30 and authentication actuation is performed. This of the 
configuration and actuation of a node 1 is also completely the same as that of the example of the 
beginning of this invention, and it is possible to reduce post-dialing delay compared with the 
former at the point which an exchange of the authentication signal between a node 1 and a node 
2 can omit. 

[0016] Furthermore, although the case where authentication actuation which a communication 
device slack terminal and the communication link processor slack exchange show to drawing 4 is 
performed as the first example until now has been explained, this invention can be applied also 
when performing different authentication actuation from this. The example is shown in drawing 
7 as the second example. Although actuation of a communication device is the same as that of 
the case of the first example, actuation of a communication link processor differs. That is, in a
communication link processor, the result of an operation (authentication response produced in 
the last connection actuation) currently held is not decoded, but it enciphers further using an 
authentication key, and the enciphered result is collated with the authentication reply signal 
received from the communication device. Even in this case, it is materialized completely like the 
first example, and has the same effectiveness. 
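
The two processing modes of [0010] to [0012] and the encrypt-and-compare variant of [0016], simulated end to end as an added example that is not part of the patent text. The page names no cipher, so the 4-round Feistel construction, the 16-byte signal size, the class and function names and the `terminal-10` identifier are assumptions, as is node 2 advancing its stored reply only when collation succeeds.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes per signal (constructed size; the page gives none)

def _mix(key: bytes, rnd: int, half: bytes, other: bytes) -> bytes:
    pad = hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(other, pad))  # other XOR F_key(rnd, half)

def encipher(key: bytes, block: bytes) -> bytes:
    """Stand-in invertible keyed cipher (assumption, not the patent's)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _mix(key, rnd, r, l)
    return l + r

def decipher(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _mix(key, rnd, l, r), l
    return l + r

class Terminal:  # node 1
    def __init__(self, key: bytes):
        self.key, self.stored = key, None

    def answer(self, rand: bytes) -> bytes:
        self.stored = encipher(self.key, rand)         # first mode reply
        return self.stored

    def next_request(self) -> bytes:
        self.stored = encipher(self.key, self.stored)  # second mode: chain
        return self.stored

class Exchange:  # node 2
    def __init__(self, db: dict):
        self.db, self.key, self.rand, self.stored = db, None, None, None

    def challenge(self, terminal_id: str) -> bytes:
        self.key = self.db[terminal_id]   # fetched once from storage 30
        self.rand = secrets.token_bytes(BLOCK)
        return self.rand

    def verify_first(self, reply: bytes) -> bool:
        ok = hmac.compare_digest(decipher(self.key, reply), self.rand)
        self.stored = reply if ok else None
        return ok

    def verify_second(self, new_reply: bytes, by_encrypting: bool = False) -> bool:
        if by_encrypting:  # [0016]: encipher the stored reply, then collate
            ok = hmac.compare_digest(encipher(self.key, self.stored), new_reply)
        else:              # [0011]: decode the received reply, then collate
            ok = hmac.compare_digest(decipher(self.key, new_reply), self.stored)
        if ok:             # assumption: advance the chain only on success
            self.stored = new_reply
        return ok

def run_demo() -> dict:
    key = secrets.token_bytes(16)  # constructed sample key
    t, x = Terminal(key), Exchange({"terminal-10": key})
    first = x.verify_first(t.answer(x.challenge("terminal-10")))
    req2 = t.next_request()        # service 2 demand
    second = x.verify_second(req2)
    replay = x.verify_second(req2)  # same signal presented again
    third = x.verify_second(t.next_request(), by_encrypting=True)  # service 3
    forged = x.verify_second(encipher(secrets.token_bytes(16), x.stored))
    return {"first": first, "second": second, "replay": replay,
            "third": third, "forged": forged}
```

A second-mode signal is accepted once: after node 2 advances its stored reply, the same signal no longer collates. The terminal here advances its stored reply when it sends, as in [0011]; [0014] has the terminal update only after the change is accepted.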
[0017] 

[Effect of the Invention] According to this invention, since the authentication processing time in 
the second communication link processing mode can be shortened, the communication link 
processing time can be shortened and post-dialing delay can be mitigated. 
[Brief Description of the Drawings] 

[Drawing 1] It is drawing explaining the authentication approach of this invention.

[Drawing 2] It is drawing explaining the conventional authentication approach.

[Drawing 3] It is drawing showing the authentication function of a communication device and a
communication link processor in the conventional authentication approach.

[Drawing 4] It is drawing showing the authentication function of a communication device and a
communication link processor in this invention.

[Drawing 5] It is drawing explaining the authentication procedure at the time of applying this
invention to a channel change during a communication link.

[Drawing 6] It is drawing showing the second example of the authentication approach of this
invention.

[Drawing 7] It is drawing showing another example of the authentication function of the 
communication device in this invention, and a communication link processor. 
[Description of Notations] 

10 Communication Device (for example, Subscriber Terminal) 
20 Communication Link Processor (for example, Exchange) 
30 Storage (for example, Home Memory) 